015-Ansible批量安裝Elastic Beats(支援Linux和Windows)
這是堅持技術寫作計劃(含翻譯)的第15篇,定個小目標999,每週最少2篇。
使用elastic beats 進行撥測,metric採集,主機監控,但是批量化安裝仍是個問題,好在elastic官方有開源的ansible-beats 但是隻支援Linux,而我們在某些業務場景下,還有WinServer的存在。故而在官方基礎上fork並增加了windows的支援(已提交PR ,但是官方不一定給合併 [捂臉] )。關於Ansible管理windows可以參考我之前寫的一篇文章Ansible2.7批量管理Windows 。
實驗環境
型別 | 系統 | ip |
---|---|---|
Server(主控) | Ubuntu Server 16.04.5 LTS X64 | 192.168.0.22 |
Client(受控) | Windows Server 2008 R2 SP1 | 192.168.0.23 |
Clinet(受控) | Ubuntu Server 16.04.5 LTS X64 | 192.168.0.24 |
Clinet(受控) | CentOS7.6.1810 (Core) | 192.168.0.25 |
注意: 主控端需要安裝Ansible 2.7.12 可參考
步驟
此處已假設主控端已安裝Ansible 2.7+,被控端的Windows的WinRM已配置完成
安裝anjia0532.ansible_beats
在主控端(192.168.0.22)執行以下命令
root@ubuntu:/root/# ansible-galaxy install anjia0532.ansible_beats - downloading role 'ansible_beats', owned by anjia0532 - downloading role from https://github.com/anjia0532/ansible-beats/archive/master.tar.gz - extracting anjia0532.ansible_beats to /root/.ansible/roles/anjia0532.ansible_beats - anjia0532.ansible_beats (master) was installed successfully
建立inventorys
建立inventorys/hosts.yml
beats: hosts: 192.168.0.23: ansible_user: Administrator ansible_password: password ansible_connection: winrm ansible_winrm_transport: basic ansible_port: 5985 192.168.0.24: ansible_user: root ansible_ssh_private_key_file: /root/.ssh/id_rsa 192.168.0.25: ansible_user: root ansible_ssh_private_key_file: /root/.ssh/id_rsa
建立 task
建立 beats.yml
- name: Example playbook for installing packetbeat hosts: beats roles: - { role: anjia0532.ansible_beats, beat: "packetbeat", beat_conf: { "interfaces": {"device":"any"}, "protocols": { "dns": { "ports": [53], "include_authorities":true }, "http": { "ports": [80, 8080, 8000, 5000, 8002] }, "memcache": { "ports": [11211] }, "mysql": { "ports": [3306] }, "pgsql": { "ports": [5432] }, "redis": { "ports": [6379] }, "thrift": { "ports": [9090] }, "mongodb": { "ports": [27017] } } }, output_conf : { "elasticsearch": { "hosts": ["localhost:9200"] } } } vars: use_repository: true
安裝beats
# ansible-playbook -i inventorys/hosts.yml ./beats.yml // 忽略輸出 PLAY RECAP ******************************************************************************************************************************************************************************************************************************************************************* 192.168.0.23: ok=17changed=17unreachable=0failed=0 192.168.0.24: ok=19changed=19unreachable=0failed=0 192.168.0.25: ok=19changed=19unreachable=0failed=0
表明都成功了
檢視配置檔案和日誌
ssh [email protected] cat /etc/packetbeat/packetbeat.yml
################### packetbeat Configuration ######################### ############################# packetbeat ###################################### interfaces: device: any protocols: dns: include_authorities: true ports: - 53 http: ports: - 80 - 8080 - 8000 - 5000 - 8002 memcache: ports: - 11211 mongodb: ports: - 27017 mysql: ports: - 3306 pgsql: ports: - 5432 redis: ports: - 6379 thrift: ports: - 9090 ############################################################################### ############################# Libbeat Config ################################## # Base config file used by all other beats for using libbeat features ############################# Output ########################################## output: elasticsearch: hosts: - localhost:9200 ############################# Logging ######################################### logging: files: rotateeverybytes: 10485760
# less /var/log/packetbeat/packetbeat 2019-04-13T09:38:44.865+0800INFOinstance/beat.go:611Home path: [/usr/share/packetbeat] Config path: [/etc/packetbeat] Data path: [/var/lib/packetbeat] Logs path: [/var/log/packetbeat] 2019-04-13T09:38:44.868+0800INFOinstance/beat.go:618Beat UUID: 8fbd86a8-0bbc-4349-8aca-d4dc8c897ba2 2019-04-13T09:38:44.868+0800INFO[seccomp]seccomp/seccomp.go:116Syscall filter successfully installed 2019-04-13T09:38:44.868+0800INFO[beat]instance/beat.go:931Beat info{"system_info": {"beat": {"path": {"config": "/etc/packetbeat", "data": "/var/lib/packetbeat", "home": "/usr/share/packetbeat", "logs": "/var/log/packetbeat"}, "type": "packetbeat", "uuid": "8fbd86a8-0bbc-4349-8aca-d4dc8c897ba2"}}} 2019-04-13T09:38:44.868+0800INFO[beat]instance/beat.go:940Build info{"system_info": {"build": {"commit": "1d55b4bd9dbf106a4ad4bc34fe9ee425d922363b", "libbeat": "6.7.1", "time": "2019-04-02T15:15:12.000Z", "version": "6.7.1"}}} 2019-04-13T09:38:44.868+0800INFO[beat]instance/beat.go:943Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.10.8"}}} 2019-04-13T09:38:44.872+0800INFO[beat]instance/beat.go:947Host info{"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-04-12T20:58:45+08:00","containerized":true,"name":"localhost.localdomain","ip":["127.0.0.1/8","::1/128","172.60.20.116/24","fe80::536d:17d0:e9f6:57c/64"],"kernel_version":"3.10.0-957.el7.x86_64","mac":["00:50:56:9f:8b:b7"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":6,"patch":1810,"codename":"Core"},"timezone":"CST","timezone_offset_sec":28800,"id":"cd7bb2d0c80a41c89bb5b596c22fc85e"}}} 2019-04-13T09:38:44.873+0800INFO[beat]instance/beat.go:976Process info{"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/", "exe": "/usr/share/packetbeat/bin/packetbeat", "name": "packetbeat", "pid": 9683, "ppid": 1, "seccomp": {"mode":"filter"}, "start_time": "2019-04-13T09:38:44.350+0800"}}} 2019-04-13T09:38:44.874+0800INFOinstance/beat.go:280Setup Beat: packetbeat; Version: 6.7.1 2019-04-13T09:38:44.874+0800INFOelasticsearch/client.go:164Elasticsearch url: http://localhost:9200 2019-04-13T09:38:44.875+0800INFO[publisher]pipeline/module.go:110Beat name: localhost.localdomain 2019-04-13T09:38:44.875+0800INFOprocs/procs.go:101Process watcher disabled 2019-04-13T09:38:44.877+0800INFOinstance/beat.go:402packetbeat start running. 2019-04-13T09:38:44.877+0800INFO[monitoring]log/log.go:117Starting metrics logging every 30s 2019-04-13T09:39:14.887+0800INFO[monitoring]log/log.go:144Non-zero metrics in the last 30s{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":160,"time":{"ms":162}},"total":{"ticks":610,"time":{"ms":614},"value":0},"user":{"ticks":450,"time":{"ms":452}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"691a2203-1433-44d4-b173-938a52dbea22","uptime":{"ms":30042}},"memstats":{"gc_next":36201104,"memory_alloc":18724416,"memory_total":23093208,"rss":45715456}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"system":{"cpu":{"cores":4},"load":{"1":0.1,"15":0.06,"5":0.05,"norm":{"1":0.025,"15":0.015,"5":0.0125}}}}}}